Aussie stumbles on 19,000 exposed credit card numbers

Powered by SC Magazine
 

A defunct payment gateway has exposed as many as 19,000 credit card numbers, including up to 60 Australian numbers.

The discovery by a local IT industry worker was made by mistake.

Apart from being the result of poor security, it may also have been aided by a side-effect of the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone.

The cached data, viewed by iTnews, includes 22,000 credit card numbers, including CVVs, expiry dates, names and addresses.

Up to 19,000 of these numbers could be active. Most are customers in the US and Britain although some are Australian.

The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus.

Within the address bars of the cached pages are URLs of companies, including UK retailers of laboratory supplies, sports and health goods, apparel, photo imaging and clothing.

"I received a Google Alert for a name," said the worker who discovered the problem, speaking on condition of anonymity to iTnews.

"The alert started with a bunch of other numbers, so I went to the web page and it was just a virtual directory listing with a bunch of directories underneath and a load of files inside."

"It looks like the site might have been a payment processing gateway that handled credit card transactions for a bunch of websites before it went belly-up," the worker speculated.

The worker tried to report the find immediately to Visa and Mastercard, which have the lion's share of card numbers, but said neither returned calls.

iTnews has contacted the credit card providers for comment.

"We're investigating this report as a matter of priority, but it's too early to make any further comment," said a spokesperson for Visa.

The information will be handed to police tonight, the worker said.


Accept Credit Cards on your website with the eWAY Payment Gateway

Aussie stumbles on 19,000 exposed credit card numbers
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 815

Vote